###############################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
###############################################################################

# Because of OFBIZ-10837 "Improve ObjectInputStream class."
# If you encounter a related issue (object not in the allowList),
# you must provide a complete list of objects to pass to ObjectInputStream through allowList property
# As an example, the a complete list of objects used by OFBiz OOTB is here in allowList.
# You will need to add your objects/classes to this list.

# OFBiz committers:
#     . don't forget to add new objects in SafeObjectInputStream class too (as default there).
#     . "foo" and "SerializationInjector" are used in OFBiz tests

allowList=byte\\[\\], foo, SerializationInjector, \\[Z,\\[B,\\[S,\\[I,\\[J,\\[F,\\[D,\\[C, java..*, sun.util.calendar..*, org.apache.ofbiz..*, org.codehaus.groovy.runtime.GStringImpl, groovy.lang.GString

#-- List of strings rejected for serialisation
#-- The same comments than for allowList apply to denyList
denyList=rmi, <